lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <a1a18bec-e694-9a51-9d88-753baf0e6d2b@linux.dev> Date: Fri, 18 Aug 2023 08:26:06 -0700 From: Yonghong Song <yonghong.song@...ux.dev> To: Geliang Tang <geliang.tang@...e.com>, Alexei Starovoitov <ast@...nel.org>, Daniel Borkmann <daniel@...earbox.net>, Andrii Nakryiko <andrii@...nel.org>, Martin KaFai Lau <martin.lau@...ux.dev>, Song Liu <song@...nel.org>, Yonghong Song <yhs@...com>, John Fastabend <john.fastabend@...il.com>, KP Singh <kpsingh@...nel.org>, Stanislav Fomichev <sdf@...gle.com>, Hao Luo <haoluo@...gle.com>, Jiri Olsa <jolsa@...nel.org>, Florent Revest <revest@...omium.org>, Brendan Jackman <jackmanb@...omium.org>, Matthieu Baerts <matthieu.baerts@...sares.net>, Mat Martineau <martineau@...nel.org>, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, John Johansen <john.johansen@...onical.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, Stephen Smalley <stephen.smalley.work@...il.com>, Eric Paris <eparis@...isplace.org>, Mykola Lysenko <mykolal@...com>, Shuah Khan <shuah@...nel.org>, Simon Horman <horms@...nel.org> Cc: bpf@...r.kernel.org, netdev@...r.kernel.org, mptcp@...ts.linux.dev, linux-security-module@...r.kernel.org, selinux@...r.kernel.org, linux-kselftest@...r.kernel.org Subject: Re: [PATCH bpf-next v14 1/4] bpf: Add update_socket_protocol hook On 8/18/23 1:24 AM, Geliang Tang wrote: > On Wed, Aug 16, 2023 at 09:11:56AM +0800, Geliang Tang wrote: >> Add a hook named update_socket_protocol in __sys_socket(), for bpf >> progs to attach to and update socket protocol. One user case is to >> force legacy TCP apps to create and use MPTCP sockets instead of >> TCP ones. >> >> Define a fmod_ret set named bpf_mptcp_fmodret_ids, add the hook >> update_socket_protocol into this set, and register it in >> bpf_mptcp_kfunc_init(). >> >> Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/79 >> Acked-by: Matthieu Baerts <matthieu.baerts@...sares.net> >> Acked-by: Yonghong Song <yonghong.song@...ux.dev> >> Signed-off-by: Geliang Tang <geliang.tang@...e.com> >> --- >> net/mptcp/bpf.c | 15 +++++++++++++++ >> net/socket.c | 26 +++++++++++++++++++++++++- >> 2 files changed, 40 insertions(+), 1 deletion(-) >> >> diff --git a/net/mptcp/bpf.c b/net/mptcp/bpf.c >> index 5a0a84ad94af..8a16672b94e2 100644 >> --- a/net/mptcp/bpf.c >> +++ b/net/mptcp/bpf.c >> @@ -19,3 +19,18 @@ struct mptcp_sock *bpf_mptcp_sock_from_subflow(struct sock *sk) >> >> return NULL; >> } >> + >> +BTF_SET8_START(bpf_mptcp_fmodret_ids) >> +BTF_ID_FLAGS(func, update_socket_protocol) >> +BTF_SET8_END(bpf_mptcp_fmodret_ids) >> + >> +static const struct btf_kfunc_id_set bpf_mptcp_fmodret_set = { >> + .owner = THIS_MODULE, >> + .set = &bpf_mptcp_fmodret_ids, >> +}; >> + >> +static int __init bpf_mptcp_kfunc_init(void) >> +{ >> + return register_btf_fmodret_id_set(&bpf_mptcp_fmodret_set); >> +} >> +late_initcall(bpf_mptcp_kfunc_init); >> diff --git a/net/socket.c b/net/socket.c >> index 5d4e37595e9a..fdb5233bf560 100644 >> --- a/net/socket.c >> +++ b/net/socket.c >> @@ -1657,12 +1657,36 @@ struct file *__sys_socket_file(int family, int type, int protocol) >> return sock_alloc_file(sock, flags, NULL); >> } >> >> +/* A hook for bpf progs to attach to and update socket protocol. >> + * >> + * A static noinline declaration here could cause the compiler to >> + * optimize away the function. A global noinline declaration will >> + * keep the definition, but may optimize away the callsite. >> + * Therefore, __weak is needed to ensure that the call is still >> + * emitted, by telling the compiler that we don't know what the >> + * function might eventually be. >> + * >> + * __diag_* below are needed to dismiss the missing prototype warning. >> + */ >> + >> +__diag_push(); >> +__diag_ignore_all("-Wmissing-prototypes", >> + "A fmod_ret entry point for BPF programs"); > > Hi Martin & Yonghong, > > I got a sparse warning for this new added 'update_socket_protocol': > > > touch net/socket.c && make C=1 net/socket.o > > net/socket.c:1676:21: warning: symbol 'update_socket_protocol' was not declared. Should it be static? This is a sparse warning. Let us ignore it for now. We already have __diag_ignore for missing prototypes in the above, but sparse won't recognize them. Also, 'static' is conflict with '__weak' attribute, and we cannot remove '__weak' attribute. > > What should I do to fix it, or should I just leave it here? Please give > me some suggestions. > > Thanks, > -Geliang > >> + >> +__weak noinline int update_socket_protocol(int family, int type, int protocol) >> +{ >> + return protocol; >> +} >> + >> +__diag_pop(); >> + >> int __sys_socket(int family, int type, int protocol) >> { >> struct socket *sock; >> int flags; >> >> - sock = __sys_socket_create(family, type, protocol); >> + sock = __sys_socket_create(family, type, >> + update_socket_protocol(family, type, protocol)); >> if (IS_ERR(sock)) >> return PTR_ERR(sock); >> >> -- >> 2.35.3 >> >
Powered by blists - more mailing lists